The header field name is DNT and it currently accepts three values: 1 in case the user does not want to be tracked (opt out), 0 in case the user consents to being tracked (opt in), or null (no header sent) if the user has not expressed a preference. The default behavior required by the standard is not to send the header unless the user enables the setting via their browser or their choice is implied by use of that specific browser.

Contents

In 2007, several consumer advocacy groups asked the U.S. Federal Trade Commission to create a Do Not Track list for online advertising. The proposal would have required that online advertisers submit their information to the FTC, which would compile a machine-readable list of the domain names used by those companies to place cookies or otherwise track consumers.[9]

In July 2009, researchers Christopher Soghoian and Sid Stamm created a prototype add-on for the Firefox web browser, implementing support for the Do Not Track header. Stamm was, at the time, a privacy engineer at Mozilla, while Soghoian soon afterward started working at the FTC.[10] One year later, during a U.S. Senate privacy hearing, FTC Chairman Jon Leibowitz told the Senate Commerce Committee that the commission was exploring the idea of proposing a "do-not-track" list.[11]

In December 2010, the FTC issued a privacy report that called for a "do not track" system that would enable people to avoid having their actions monitored online.[12]

One week later, Microsoft announced that its next browser would include support for Tracking Protection Lists, that block tracking of consumers using blacklists supplied by third parties.[13] In January 2011, Mozilla announced that its Firefox browser would soon provide a Do Not Track solution, via a browser header.[5] Microsoft's Internet Explorer,[14] Apple's Safari,[6] Opera[7] and Google Chrome[15] all later added support for the header approach.

When using the "Express" settings upon installation, a Do Not Track option is enabled by default for Internet Explorer 10.[16] Microsoft faced criticism for its decision to enable Do Not Track by default[17] from advertising companies, who say that use of the Do Not Track header should be a choice made by the user and must not be automatically enabled. The companies also said that this decision would violate the Digital Advertising Alliance's agreement with the U.S. government to honor a Do Not Track system, because the coalition said it would only honor such a system if it were not enabled by default by web browsers.[18] A Microsoft spokesperson defended its decision however, stating that users would prefer a web browser that automatically respected their privacy.[19]

On September 7, 2012, Roy Fielding, an author of the Do Not Track standard, submitted a patch to the source code of the Apache HTTP Server, which would make the server explicitly ignore any use of the Do Not Track header by users of Internet Explorer 10. Fielding asserted that Microsoft's decision "deliberately violates" the Do Not Track specification because it "does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization." The Do Not Track specification did not explicitly mandate that the use of Do Not Track actually be a choice until after the feature was implemented in Internet Explorer 10.[20] Fielding pointed out that Microsoft knew its false signals claiming that users had chosen Do Not Track would be ignored, and that its goal was to effectively give an illusion of privacy while still catering to their own interests.[21] On October 9, 2012, Fielding's patch was commented out, restoring the previous behavior.[22][23]

When a web browser requests content or sends data using HTTP, it can include extra information optionally in one or more items called "headers". Do not track adds a header (DNT: 1), indicating that the user does not want to be tracked.[24] The browser user has no control over whether the request is honoured or not.

There are no legal or technological requirements for its use. As such, websites and advertisers may either honour the request, or completely ignore it.[25] The Digital Advertising Alliance does not require its members to honor DNT signals. "The Council of Better Business Bureaus and the Direct Marketing Association will not sanction or penalize companies or otherwise enforce with respect to DNT signals set on IE10 or other browsers."[26]

There are organizations, such as DataNeutrality, that are involved in setting DNT guidelines for private companies involved in data collection.